811 matches found
elfutils 'read_long_names' function denial of service vulnerability
elfutils is a collection of utilities and libraries for reading, creating, and modifying ELF binaries. libelf is one of these libraries for parsing and interacting with ELF-formatted binaries. A security vulnerability exists in the 'readlongnames' function in the elfbegin.c file of libelf in...
elfutils 'read_srclines' function heap buffer out-of-bounds read vulnerability
elfutils is a collection of utilities and libraries for reading, creating and modifying ELF binaries. libdw is one of the ELF manipulation libraries. A heap buffer out-of-bounds read vulnerability exists in the 'readsrclines' function of the dwarfgetsrclines.c file of libdw in elfutils version...
CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...
CVE-2019-7146
In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...
CVE-2019-7146
In elfutils 0.175, there is a buffer over-read in the eblobjectnote function in eblobjnote.c in libebl. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted elf file, as demonstrated by eu-readelf...
CVE-2019-7148
An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...
CVE-2019-7148
An attempted excessive memory allocation was discovered in the function readlongnames in elfbegin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers...
CVE-2019-7149
A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...
CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...
elfutils 'ebl_object_note' function out-of-bounds read vulnerability
elfutils is a collection of utilities and libraries for reading, creating, and modifying ELF binaries. libebl is one of the libraries that provides ELF access. An out-of-bounds read vulnerability exists in the 'eblobjectnote' function of the eblobjnote.c file of libebl in elfutils version 0.175. ...
CVE-2019-7149
A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...
CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...
CVE-2019-7150
The CVE-2019-7150 issue affects elfutils (0.175) where elf64_xlatetom in libelf/elf32_xlatetom.c can segfault because dwfl_segment_report_module does not check if core file dyn data is truncated. This leads to a crash/denial-of-service when processing crafted ELF inputs (as demonstrated by eu-sta...
CVE-2019-7146
CVE-2019-7146 affects elfutils 0.175 where a buffer over-read in the ebl_object_note path (libebl) can be triggered by a crafted ELF file, enabling a denial-of-service as demonstrated by eu-readelf. The issue is rooted in reading ELF core/notes data without proper bounds checks. Public advisories...
CVE-2019-7149
CVE-2019-7149 affects elfutils 0.175 (libdw) where read_srclines.c contains a heap-based buffer over-read that can trigger segmentation faults and denial of service when processing crafted input. The issue is documented across multiple advisories (e.g., ALAS2-2019-1337, ASA-201903-9, CentOS/RHEL ...
CVE-2019-7148
CVE-2019-7148 is a vulnerability in elfutils 0.174 where an attempted excessive memory allocation in read_long_names could lead to a denial of service via crafted ELF input. The issue is discussed across multiple NT/vendor advisories, which note ASAN-related warnings and indicate later elfutils r...
UBUNTU-CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...
CVE-2019-7149
A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...
CVE-2019-7150
An issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64xlatetom in libelf/elf32xlatetom.c, due to dwflsegmentreportmodule not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to...
UBUNTU-CVE-2019-7149
A heap-based buffer over-read was discovered in the function readsrclines in dwarfgetsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm...